From: Eric Biggers via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
To: Sheng Yong <shengyong1@huawei.com>
Cc: jaegeuk@kernel.org, linux-fscrypt@vger.kernel.org,
miaoxie@huawei.com, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [RFC PATCH v3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
Date: Tue, 6 Mar 2018 11:38:31 -0800 [thread overview]
Message-ID: <20180306193831.GA166451@google.com> (raw)
In-Reply-To: <20180306033904.122540-1-shengyong1@huawei.com>
[+Cc linux-fscrypt]
Hi Sheng,
On Tue, Mar 06, 2018 at 11:39:04AM +0800, Sheng Yong wrote:
> This patch introduces a new feature, F2FS_FEATURE_LOST_FOUND, which
> is set by mkfs. It creates a directory named lost+found, which saves
> unreachable files. If fsck finds a file which has no parent, or its
> parent is removed by fsck, the file will be placed under lost+found
> directory by fsck.
>
> lost+found directory could not be encrypted. As a result, the root
> directory cannot be encrypted too. So if LOST_FOUND feature is enabled,
> let's avoid to encrypt root directory.
>
> This patch also introduces a new mount option `test_dummy_encryption'
> to allow fscrypt to create a fake fscrypt context. This is used by
> xfstests.
It would be a bit easier to review if this was split into 2 patches:
1. Add LOST_FOUND feature
2. Add test_dummy_encryption mount option
> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
> index 797eb05cb538..7f908be8d525 100644
> --- a/fs/f2fs/dir.c
> +++ b/fs/f2fs/dir.c
> @@ -361,6 +361,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> struct page *dpage)
> {
> struct page *page;
> + int encrypt = DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(dir));
> int err;
>
> if (is_inode_flag_set(inode, FI_NEW_INODE)) {
> @@ -387,7 +388,8 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> if (err)
> goto put_error;
>
> - if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode)) {
> + if ((f2fs_encrypted_inode(dir) || encrypt) &&
> + f2fs_may_encrypt(inode)) {
> err = fscrypt_inherit_context(dir, inode, page, false);
> if (err)
> goto put_error;
> @@ -402,7 +404,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
>
> if (new_name) {
> init_dent_inode(new_name, page);
> - if (f2fs_encrypted_inode(dir))
> + if (f2fs_encrypted_inode(dir) || encrypt)
> file_set_enc_name(inode);
> }
>
'enc_name' should only be set if the parent directory is encrypted, right? So
the condition for file_set_enc_name() should stay 'f2fs_encrypted_inode(dir)'.
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> @@ -719,6 +721,18 @@ static int parse_options(struct super_block *sb, char *options)
> }
> kfree(name);
> break;
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> + case Opt_test_dummy_encryption:
> + sbi->mount_flags |= F2FS_MF_TEST_DUMMY_ENCRYPTION;
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mode enabled");
> + break;
> +#else
> + case Opt_test_dummy_encryption:
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mount option ignored");
> + break;
> +#endif
You could write the 'case Opt_test_dummy_encryption:" and break just once, and
put the #ifdef inside it.
> @@ -2696,6 +2732,12 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> }
> }
>
> + if (DUMMY_ENCRYPTION_ENABLED(sbi) && !f2fs_readonly(sb) &&
> + !f2fs_sb_has_encrypt(sb)) {
> + f2fs_sb_set_encrypt(sb);
> + recovery = 1;
> + }
> +
[...]
> /* get an inode for meta space */
> sbi->meta_inode = f2fs_iget(sb, F2FS_META_INO(sbi));
> if (IS_ERR(sbi->meta_inode)) {
> @@ -2870,12 +2912,16 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> }
> kfree(options);
>
> - /* recover broken superblock */
> + /* recover broken superblock or enable encrypt feature */
> if (recovery) {
> - err = f2fs_commit_super(sbi, true);
> - f2fs_msg(sb, KERN_INFO,
> - "Try to recover %dth superblock, ret: %d",
> - sbi->valid_super_block ? 1 : 2, err);
> + if (sbi->mount_flags & F2FS_MF_TEST_DUMMY_ENCRYPTION) {
> + f2fs_commit_super(sbi, false);
> + } else {
> + err = f2fs_commit_super(sbi, true);
> + f2fs_msg(sb, KERN_INFO,
> + "Try to recover %dth superblock, ret: %d",
> + sbi->valid_super_block ? 1 : 2, err);
> + }
> }
How about just not allowing mounting with test_dummy_encryption if the 'encrypt'
feature flag isn't already set? That would be simpler. I think it was a
mistake that ext4 automatically turns the 'encrypt' flag on when
test_dummy_encryption is specified.
- Eric
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@google.com>
To: Sheng Yong <shengyong1@huawei.com>
Cc: jaegeuk@kernel.org, yuchao0@huawei.com, miaoxie@huawei.com,
linux-f2fs-devel@lists.sourceforge.net,
linux-fscrypt@vger.kernel.org
Subject: Re: [RFC PATCH v3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
Date: Tue, 6 Mar 2018 11:38:31 -0800 [thread overview]
Message-ID: <20180306193831.GA166451@google.com> (raw)
In-Reply-To: <20180306033904.122540-1-shengyong1@huawei.com>
[+Cc linux-fscrypt]
Hi Sheng,
On Tue, Mar 06, 2018 at 11:39:04AM +0800, Sheng Yong wrote:
> This patch introduces a new feature, F2FS_FEATURE_LOST_FOUND, which
> is set by mkfs. It creates a directory named lost+found, which saves
> unreachable files. If fsck finds a file which has no parent, or its
> parent is removed by fsck, the file will be placed under lost+found
> directory by fsck.
>
> lost+found directory could not be encrypted. As a result, the root
> directory cannot be encrypted too. So if LOST_FOUND feature is enabled,
> let's avoid to encrypt root directory.
>
> This patch also introduces a new mount option `test_dummy_encryption'
> to allow fscrypt to create a fake fscrypt context. This is used by
> xfstests.
It would be a bit easier to review if this was split into 2 patches:
1. Add LOST_FOUND feature
2. Add test_dummy_encryption mount option
> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
> index 797eb05cb538..7f908be8d525 100644
> --- a/fs/f2fs/dir.c
> +++ b/fs/f2fs/dir.c
> @@ -361,6 +361,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> struct page *dpage)
> {
> struct page *page;
> + int encrypt = DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(dir));
> int err;
>
> if (is_inode_flag_set(inode, FI_NEW_INODE)) {
> @@ -387,7 +388,8 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> if (err)
> goto put_error;
>
> - if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode)) {
> + if ((f2fs_encrypted_inode(dir) || encrypt) &&
> + f2fs_may_encrypt(inode)) {
> err = fscrypt_inherit_context(dir, inode, page, false);
> if (err)
> goto put_error;
> @@ -402,7 +404,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
>
> if (new_name) {
> init_dent_inode(new_name, page);
> - if (f2fs_encrypted_inode(dir))
> + if (f2fs_encrypted_inode(dir) || encrypt)
> file_set_enc_name(inode);
> }
>
'enc_name' should only be set if the parent directory is encrypted, right? So
the condition for file_set_enc_name() should stay 'f2fs_encrypted_inode(dir)'.
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> @@ -719,6 +721,18 @@ static int parse_options(struct super_block *sb, char *options)
> }
> kfree(name);
> break;
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> + case Opt_test_dummy_encryption:
> + sbi->mount_flags |= F2FS_MF_TEST_DUMMY_ENCRYPTION;
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mode enabled");
> + break;
> +#else
> + case Opt_test_dummy_encryption:
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mount option ignored");
> + break;
> +#endif
You could write the 'case Opt_test_dummy_encryption:" and break just once, and
put the #ifdef inside it.
> @@ -2696,6 +2732,12 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> }
> }
>
> + if (DUMMY_ENCRYPTION_ENABLED(sbi) && !f2fs_readonly(sb) &&
> + !f2fs_sb_has_encrypt(sb)) {
> + f2fs_sb_set_encrypt(sb);
> + recovery = 1;
> + }
> +
[...]
> /* get an inode for meta space */
> sbi->meta_inode = f2fs_iget(sb, F2FS_META_INO(sbi));
> if (IS_ERR(sbi->meta_inode)) {
> @@ -2870,12 +2912,16 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> }
> kfree(options);
>
> - /* recover broken superblock */
> + /* recover broken superblock or enable encrypt feature */
> if (recovery) {
> - err = f2fs_commit_super(sbi, true);
> - f2fs_msg(sb, KERN_INFO,
> - "Try to recover %dth superblock, ret: %d",
> - sbi->valid_super_block ? 1 : 2, err);
> + if (sbi->mount_flags & F2FS_MF_TEST_DUMMY_ENCRYPTION) {
> + f2fs_commit_super(sbi, false);
> + } else {
> + err = f2fs_commit_super(sbi, true);
> + f2fs_msg(sb, KERN_INFO,
> + "Try to recover %dth superblock, ret: %d",
> + sbi->valid_super_block ? 1 : 2, err);
> + }
> }
How about just not allowing mounting with test_dummy_encryption if the 'encrypt'
feature flag isn't already set? That would be simpler. I think it was a
mistake that ext4 automatically turns the 'encrypt' flag on when
test_dummy_encryption is specified.
- Eric
next prev parent reply other threads:[~2018-03-06 19:38 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-06 3:39 [RFC PATCH v3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature Sheng Yong
2018-03-06 19:38 ` Eric Biggers via Linux-f2fs-devel [this message]
2018-03-06 19:38 ` Eric Biggers
2018-03-07 2:40 ` Sheng Yong
2018-03-07 2:40 ` Sheng Yong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180306193831.GA166451@google.com \
--to=linux-f2fs-devel@lists.sourceforge.net \
--cc=ebiggers@google.com \
--cc=jaegeuk@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=miaoxie@huawei.com \
--cc=shengyong1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.